
RE: Fwd: ULE SEC REQ draft rev -03

Hi Michael and Prashant,
I agree with Prashant's view on this. The reason being it is already mentioned in the draft that wired links are difficult to intercept. IMO this case is very confusing without adding much to the draft. I propose we let it be as it is. If there are no further comments we are going to submit this version for the last call.


Best Regards
Sunny 

-----Original Message-----
From: owner-ipdvb@erg.abdn.ac.uk on behalf of Michael Noisternig
Sent: Fri 06/07/2007 13:54
To: Prashant Pillai
Cc: ipdvb@erg.abdn.ac.uk
Subject: Re: Fwd: ULE SEC REQ draft rev -03

Hi Prashant,

> Regarding this paragraph from your modifications. It was only removed because we
> were not very comfortable with the wordings. See Inline

I did not put much effort into the wordings because I had expected to
get some feedback on that prior to publication. Sorry, I should have
told so. :/

>>> However, the end-points of a communication might not be under central
>>> control (such as when browsing the public internet), and then it may not
>>> be possible to rely on end-to-end security.
>
> End-to-end security has nothing to do with central control. Only the two
> communicating end parties are responsible for setting up any end-to-end security.
> So this sentence is quite misleading as we should be able to use end-to-end
> security without any central control.

Ok, what I mean is that if the destination end-point is not under the
same control as the source, i.e. does not have the same owner (as a
person/company), then you are restricted to whatever security the
destination offers you. If it does not offer any security, there is no
way to enforce it. E.g., this is true for most of the web servers in the
www.

To repeat, in such case having security for the vulnerable (in terms of
passive attacks) ULE broadcast link is very desirable.

>>> ULE link security will then
>>> provide protection against attacks on the weakest link within the
>>> communication chain, i.e. the ULE broadcast link (see section 3.2).
>
> I am not sure if the ULE link would be the weakest link. Especially when data is
> sent over the internet (the case of websites like you mention) I would consider
> the fixed links to be vulnerable also.

Sure, the other links are vulnerable, too, if you don't have end-to-end
security. But compared to the ULE broadcast link wired links are much
more secure. On the ULE broadcast link, all it takes for an attacker is to
switch his receiver into some kind of promiscuous mode to derive passive
attacks. To succeed in any kind of attack on a wired link of the
Internet requires much more sophistication. That is why I said that the
ULE link was the weakest link in the communication chain. (Yes, I do not
like the wording myself, it was just to get the point across.)

>> I think it is a case important enough to be outlined, i.e. a case where
>> an "ordinary" end-user (compared to a company) has no possibility to
>> enforce end-to-end security, yet he does not want "the whole world" to
>> potentially see the data he receives (e.g. the web sites he visits).
>> It demonstrates another reason for why ULE link layer security is
>> desirable, IMO.
>
> As discussed above, I also do not really see the point of only securing the ULE
> link when the internet link is unsecured. Securing only part of the link IMO
> will make the other link the weakest link.

As explained above, it will make it quite harder to derive successful
attacks. You'd have to tap specific wired links the data travels over,
or get access to the routers in between.

Best regards,
Michael